[Python-checkins] bpo-13312: Avoid int underflow in time year. (GH-8912)

Miss Islington (bot) webhook-mailer at python.org
Sat Aug 25 01:53:03 EDT 2018 

https://github.com/python/cpython/commit/d5f017bbd65f37ac53fd3c6c439a53155eef2475
commit: d5f017bbd65f37ac53fd3c6c439a53155eef2475
branch: 3.7
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2018-08-25T01:53:00-04:00
summary:

bpo-13312: Avoid int underflow in time year. (GH-8912)


Avoids an integer underflow in the time module's year handling code.
(cherry picked from commit 76be0fffff8b7dbe649ad4821144461800ffb0d0)

Co-authored-by: Gregory P. Smith <greg at krypto.org>

files:
A Misc/NEWS.d/next/Library/2018-08-24-17-31-27.bpo-13312.6hA5La.rst
M Lib/test/test_time.py
M Modules/timemodule.c

diff --git a/Lib/test/test_time.py b/Lib/test/test_time.py
index 7354b969907b..9acd1d497ee8 100644
--- a/Lib/test/test_time.py
+++ b/Lib/test/test_time.py
@@ -19,7 +19,7 @@
 # Max year is only limited by the size of C int.
 SIZEOF_INT = sysconfig.get_config_var('SIZEOF_INT') or 4
 TIME_MAXYEAR = (1 << 8 * SIZEOF_INT - 1) - 1
-TIME_MINYEAR = -TIME_MAXYEAR - 1
+TIME_MINYEAR = -TIME_MAXYEAR - 1 + 1900
 
 SEC_TO_US = 10 ** 6
 US_TO_NS = 10 ** 3
@@ -714,12 +714,11 @@ def test_negative(self):
         self.assertEqual(self.yearstr(-123456), '-123456')
         self.assertEqual(self.yearstr(-123456789), str(-123456789))
         self.assertEqual(self.yearstr(-1234567890), str(-1234567890))
-        self.assertEqual(self.yearstr(TIME_MINYEAR + 1900), str(TIME_MINYEAR + 1900))
-        # Issue #13312: it may return wrong value for year < TIME_MINYEAR + 1900
-        # Skip the value test, but check that no error is raised
-        self.yearstr(TIME_MINYEAR)
-        # self.assertEqual(self.yearstr(TIME_MINYEAR), str(TIME_MINYEAR))
+        self.assertEqual(self.yearstr(TIME_MINYEAR), str(TIME_MINYEAR))
+        # Modules/timemodule.c checks for underflow
         self.assertRaises(OverflowError, self.yearstr, TIME_MINYEAR - 1)
+        with self.assertRaises(OverflowError):
+            self.yearstr(-TIME_MAXYEAR - 1)
 
 
 class TestAsctime4dyear(_TestAsctimeYear, _Test4dYear, unittest.TestCase):
diff --git a/Misc/NEWS.d/next/Library/2018-08-24-17-31-27.bpo-13312.6hA5La.rst b/Misc/NEWS.d/next/Library/2018-08-24-17-31-27.bpo-13312.6hA5La.rst
new file mode 100644
index 000000000000..dc906696a53e
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2018-08-24-17-31-27.bpo-13312.6hA5La.rst
@@ -0,0 +1,2 @@
+Avoids a possible integer underflow (undefined behavior) in the time
+module's year handling code when passed a very low negative year value.
diff --git a/Modules/timemodule.c b/Modules/timemodule.c
index 998216cc8fdb..dbe2fbaf0796 100644
--- a/Modules/timemodule.c
+++ b/Modules/timemodule.c
@@ -551,6 +551,12 @@ gettmarg(PyObject *args, struct tm *p, const char *format)
                           &p->tm_hour, &p->tm_min, &p->tm_sec,
                           &p->tm_wday, &p->tm_yday, &p->tm_isdst))
         return 0;
+
+    if (y < INT_MIN + 1900) {
+        PyErr_SetString(PyExc_OverflowError, "year out of range");
+        return 0;
+    }
+
     p->tm_year = y - 1900;
     p->tm_mon--;
     p->tm_wday = (p->tm_wday + 1) % 7;

More information about the Python-checkins mailing list